JikesRVM / RVM-1050

Memory.memcopy(Address, Address, Extent) can corrupt memory when memory areas overlap



      The specification of System.arraycopy(..) says that a copy from an array to the same array can never overwrite data that is still needed for the copy. Rather, the method acts as if the data to be copied were first copied to a temporary array and then copied from that temporary array to the destination.

      There is currently a bug that can break this behaviour for large copies. The System.arraycopy(..) methods can call the aligned*Copy(..) methods in org.jikesrvm.runtime.Memory. These methods only assume that src != dst || (srcPos >= dstPos), i.e. that a forward copy is safe. The problem is that the methods call out to memcopy(Address, Address, Extent) (also in org.jikesrvm.runtime.Memory) when NATIVE_THRESHOLD is exceeded. memcopy(Address, Address, Extent) uses SysCall.sysCall.sysCopy(..), which uses memcpy(..), which assumes that the memory areas do not overlap at all. This is a stronger assumption than what the aligned*Copy(..) methods guarantee.

      In general, this can lead to errors. In practice, this seems to happen very rarely. I did not succeed in extracting a test case for the error.
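The following C program is an added illustration of the three copy contracts involved; it is not code from JikesRVM. `forward_copy` stands in for the aligned*Copy(..) precondition (only `dstPos <= srcPos` is required, so a forward walk is safe), `backward_copy` stands in for a memcpy(..) implementation that walks backward (any order is legal for memcpy because non-overlap is part of its contract), and `overlap_safe_copy` picks the direction from the pointer layout, which is the memmove(..) semantics the aligned*Copy(..) callers actually need. `copy_matches_spec` compares each routine against the "copy via a temporary" behaviour that System.arraycopy(..) specifies; the 16-byte buffer and the offsets are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void (*copy_fn)(unsigned char *dst, const unsigned char *src, size_t n);

/* Forward byte copy: correct whenever dst <= src, even if the ranges overlap.
 * This is all the aligned*Copy(..) precondition (src != dst || srcPos >= dstPos) guarantees. */
void forward_copy(unsigned char *dst, const unsigned char *src, size_t n) {
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Backward byte copy: one of the orders a memcpy implementation may legally use,
 * because memcpy's contract forbids overlapping ranges altogether.
 * It corrupts exactly the dst < src overlap case that forward_copy handles. */
void backward_copy(unsigned char *dst, const unsigned char *src, size_t n) {
    for (size_t i = n; i > 0; i--)
        dst[i - 1] = src[i - 1];
}

/* Direction-aware copy with memmove semantics: safe for any overlap. */
void overlap_safe_copy(unsigned char *dst, const unsigned char *src, size_t n) {
    if (dst == src || n == 0)
        return;
    if (dst < src)
        forward_copy(dst, src, n);   /* destination lies before source: walk up */
    else
        backward_copy(dst, src, n);  /* destination lies after source: walk down */
}

/* Reference behaviour required by System.arraycopy: copy through a temporary.
 * Constructed for the example; n is limited to the temporary's size. */
static void copy_via_temp(unsigned char *buf, size_t src_pos, size_t dst_pos, size_t n) {
    unsigned char tmp[64];
    memcpy(tmp, buf + src_pos, n);  /* tmp never overlaps buf, so memcpy is fine here */
    memcpy(buf + dst_pos, tmp, n);
}

/* Returns 1 if fn produces the same result as the reference copy on a 16-byte buffer
 * holding 0..15, 0 if the in-place copy corrupted data. */
int copy_matches_spec(copy_fn fn, size_t src_pos, size_t dst_pos, size_t n) {
    unsigned char actual[16], expected[16];
    for (size_t i = 0; i < 16; i++)
        actual[i] = expected[i] = (unsigned char)i;
    fn(actual + dst_pos, actual + src_pos, n);
    copy_via_temp(expected, src_pos, dst_pos, n);
    return memcmp(actual, expected, sizeof actual) == 0;
}

int main(void) {
    /* dstPos <= srcPos: the case the aligned*Copy(..) precondition admits. */
    printf("forward_copy,   src=4 dst=0: %s\n", copy_matches_spec(forward_copy, 4, 0, 8) ? "ok" : "CORRUPT");
    printf("backward_copy,  src=4 dst=0: %s\n", copy_matches_spec(backward_copy, 4, 0, 8) ? "ok" : "CORRUPT");
    printf("overlap_safe,   src=4 dst=0: %s\n", copy_matches_spec(overlap_safe_copy, 4, 0, 8) ? "ok" : "CORRUPT");
    /* dstPos > srcPos: excluded by the precondition; forward copy breaks here. */
    printf("forward_copy,   src=0 dst=4: %s\n", copy_matches_spec(forward_copy, 0, 4, 8) ? "ok" : "CORRUPT");
    printf("overlap_safe,   src=0 dst=4: %s\n", copy_matches_spec(overlap_safe_copy, 0, 4, 8) ? "ok" : "CORRUPT");
    return 0;
}
```

The second line of output is the bug in miniature: the caller's precondition (`dstPos <= srcPos`) holds and a forward copy would be correct, yet a routine that is only contracted for non-overlapping ranges is free to walk backward and overwrite source bytes before they are read. Delegating an overlapping copy to memcpy(..) therefore cannot be made safe by the caller's weaker check; the native path needs memmove semantics or must be bypassed when the ranges overlap.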




            • Assignee: ebrangs Erik Brangs